"The other is that the groups might not show up on the client (do they?)"
how can i check that.
On Fri, Apr 29, 2016 at 5:59 PM, Jakub Hrozek <jhro...@redhat.com> wrote:
> On Fri, Apr 29, 2016 at 05:38:30PM +0300, Ben .T.George wrote:
> > Hi List,
> > I have working setup of one AD, one IPA server and one client server. by
> > default i can login to client server by using AD username.
> > i want to apply HBAC rules against this client server. For that i have
> > below steps.
> > 1. created External group in IPA erver
> > 2. created local POSIX group n IPA server
> > 3. Added AD group to external group
> > 4. added POSIX group to external group.
> > After that have created HBAC rule by adding both local and external IPA
> > groups, added sshd as service and selected service group as sudo.
> > i have applied this HBAC rule to client server and from web UI and while
> > testing HBAC from web, i am getting access denied .
> Sorry, not enough info.
> One guess would be that you need to add the "sudo-i" service as well.
> The other is that the groups might not show up on the client (do they?)
> Anyway, it might be good idea to follow
> Manage your subscription for the Freeipa-users mailing list:
> Go to http://freeipa.org for more info on the project
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project